Additional Materials:

Contact:

Among its efforts to strengthen aviation security, the Transportation Security Administration (TSA) is developing a new passenger prescreening system--known as Secure Flight. As required by Congress, TSA is planning to assume, through Secure Flight, the prescreening function currently performed by the air carriers. This report assesses the (1) status of Secure Flight's development and implementation, (2) factors that could influence the effectiveness of Secure Flight, (3) processes used to oversee and manage the Secure Flight program, and (4) efforts taken to minimize the impacts on passengers and protect passenger rights. In conducting this assessment, we addressed the 10 specific areas of congressional interest related to Secure Flight outlined in Public Law 108-334.

TSA is making progress in addressing each of the key areas of congressional interest related to the development and implementation of Secure Flight, including developing and testing the system. However, TSA has not yet completed these efforts or fully addressed these areas, due largely to the current stage of the system's development. For example, while TSA has drafted a concept of operations and system requirements, it has not finalized these key documents or completed test activities that will need to be accomplished before Secure Flight becomes operational. Until requirements are defined, operating policies are finalized, and testing is completed--scheduled for later in the system's development--we cannot determine whether Secure Flight will fully address these areas of interest. TSA also initiated a number of actions designed to improve the ability of Secure Flight to identify passengers who should undergo additional security scrutiny, in place of the prescreening currently conducted by air carriers. Specifically, TSA officials stated that recently completed initial testing identified improvements over the current prescreening system, and TSA plans to use intelligence analysts to increase the accuracy of data matches. However, the effectiveness of Secure Flight in identifying passengers who should undergo additional security scrutiny has not been fully determined. For example, TSA has not resolved how passenger data will be transmitted from air carriers to TSA to support Secure Flight operations. Further, the ability of Secure Flight to make accurate matches between passenger data and data contained in the terrorist screening database is dependent on the quality of the data used, which has not been determined. TSA has also strengthened the oversight and management of Secure Flight, and has established relationships with key program stakeholders. However, air carriers expressed concerns regarding the uncertainty of system requirements, and the impact these requirements may have on the airline industry in terms of system modifications and costs. Additionally, TSA has taken steps to minimize potential impacts on passengers and to protect passenger rights during Secure Flight testing. However, TSA has not yet clearly defined the privacy impacts of the operational system or all of the actions TSA plans to take to mitigate potential impacts.

Recommendations for Executive Action

Status: Closed - Implemented

Comments: In March 2005, we reported, among other things, that the Transportation Security Administration (TSA) had not yet clearly defined the privacy impacts of the operational system or all of the actions TSA planned to take to mitigate potential impacts. Since the time of our review, we found that TSA has made significant progress in developing the Secure Flight program and has completed key activities associated with implementing the program. In May 2009, GAO reported that TSA had generally achieved 9 of 10 statutory conditions related to the development of the Secure Flight program (including Statutory Condition 8, which required TSA to take action to ensure that no specific privacy concerns remain with the Secure Flight system) and conditionally achieved 1 condition. Specifically related to our prior recommendation, TSA issued required privacy notices--including a Privacy Impact Assessment in October 2008 and Systems of Records Notice in August 2007--that meet legal requirements and address key privacy principles. These notices describe, among other things, information that will be collected from passengers and airlines, the purpose of collection, and the planned uses of the data. In addition, in May 2009, we reported that TSA had established a variety of programmatic and technical controls for Secure Flight, such as involving privacy experts in major aspects of Secure Flight development; developing privacy training for all Secure Flight staff and related incident response procedures; tracking privacy issues and performing analysis when significant privacy issues are identified; instituting access controls to ensure that data are not accidentally or maliciously altered or destroyed; filtering unauthorized data from incoming data to ensure collection is limited to predefined types of information; establishing standard formats for the transmission of personally identifiable information in order to reduce variance in data and improve data quality; and maintaining audit logs to track access to personally identifiable information and document privacy incidents.

Recommendation: To help manage risks associated with Secure Flight's continued development and implementation, and to assist the Transportation Security Administration in developing a framework from which to support its efforts in addressing congressional areas of interest outlined in Public Law 108-334, the Secretary of the Department of Homeland Security should direct the Assistant Secretary, Transportation Security Administration to, prior to achieving initial operational capability, finalize policies and issue associated documentation specifying how the Secure Flight program will protect personal privacy, including addressing how the program will comply with the requirements of the Privacy Act of 1974 and related legislation.

Comments: In March 2005, we reported, among other things, that the Transportation Security Administration (TSA) had not yet established performance goals or measures to gauge the success of the Secure Flight program once it was operational. Since the time of our review, we found that TSA has made significant progress in developing the Secure Flight program and has completed key activities associated with implementing the program. In May 2009, GAO reported that TSA had generally achieved 9 of the 10 statutory conditions related to the development of the Secure Flight program (including Statutory Condition 7, which required the adoption of policies establishing the effective oversight of the use and operation of the Secure Flight system and the development of performance measures to monitor and assess the effectiveness of the Secure Flight program) and conditionally achieved 1 condition. Specifically related to our prior recommendation, in September 2007, TSA developed a set of Secure Flight implementation performance metrics. The metrics are aligned with the goals and objectives of the Department of Homeland Security, TSA, and Secure Flight and cover five performance areas: Office of Management and Budget Key Performance Measures and four internal or operational performance measure areas--Service Center, General Operations, System, and Organizational Development.

Recommendation: To help manage risks associated with Secure Flight's continued development and implementation, and to assist the Transportation Security Administration in developing a framework from which to support its efforts in addressing congressional areas of interest outlined in Public Law 108-334, the Secretary of the Department of Homeland Security should direct the Assistant Secretary, Transportation Security Administration, to develop results-oriented performance goals and measures to evaluate the effectiveness of Secure Flight in achieving intended results in an operational environment--as outlined in the Government Performance and Results Act--including measures to assess associated impacts on aviation security.

Comments: In March 2005, we reported, among other things, that the Transportation Security Administration (TSA) had not developed life-cycle cost estimates and only recently had completed an expenditure plan. Since the time of our review, we found that TSA has made significant progress in developing the Secure Flight program and has completed key activities associated with implementing the program. In May 2009, GAO reported that TSA had generally achieved 9 of the 10 statutory conditions related to the development of the Secure Flight program and conditionally achieved 1 condition (requiring the development of appropriate life-cycle cost estimates and expenditure and program plans). Specifically, related to our March 2005 recommendation, TSA provided us a plan of action, dated April 2009, that details the steps the Secure Flight program management office intends to carry out to address weaknesses we identified in the program's cost estimate in accordance with best practices. With regard to the program's cost estimate, TSA's plan has established a timeline of activities, that if effectively implemented, should result in (1) a more detailed work breakdown structure that would define the work necessary to accomplish the program's objectives; (2) the program cost estimate and schedule work breakdown structures being aligned properly; (3) an independent cost estimate performed by a contractor; (4) an assessment of the life-cycle cost estimate by the Department of Homeland Security's Cost Analysis Division; and (5) cost uncertainty and sensitivity analysis. In addition, TSA's plan has estimated government costs that were originally missing from its cost estimate. According to TSA, these costs will be addressed in its life-cycle cost estimate documentation.

Recommendation: To help manage risks associated with Secure Flight's continued development and implementation, and to assist the Transportation Security Administration in developing a framework from which to support its efforts in addressing congressional areas of interest outlined in Public Law 108-334, the Secretary of the Department of Homeland Security should direct the Assistant Secretary, Transportation Security Administration, to develop reliable life-cycle cost estimates and expenditure plans for Secure Flight--in accordance with guidance issued by the Office of Management and Budget--to provide program managers and oversight officials with information needed to make informed decisions regarding program development and resource allocations.

Comments: In March 2005, we reported, among other things, that the Transportation Security Administration (TSA) had not resolved how passenger data would be transmitted from air carriers to TSA to support Secure Flight operations. Further, we reported that officials from TSA and U.S. Customs and Border Protection (CBP) stated that it was uncertain whether CBP's existing systems--which Secure Flight would use to support the transfer of data--would be able to handle the larger amount of data that would need to be regularly transferred for the Secure Flight program. In February 2008, we reported that TSA and CBP had since worked with the Department of Homeland Security (DHS) to develop a strategy called the One DHS Solution--which is to align the two agencies' domestic and international watch-list matching processes, information technology systems, and regulatory procedures--to provide a seamless interface between DHS and the airline industry. In line with this strategy, the agencies agreed that TSA will take over international watch-list matching from CBP, with CBP continuing to perform, among other things, its border-related functions. Further, TSA and CBP coordinated their efforts to facilitate consistency across their programs. Specifically, related to our recommendation, in November 2008, TSA and CBP jointly issued a consolidated user guide to key stakeholders, including air carriers, that defines Secure Flight system data requirements. Also, in August 2008, TSA and CBP signed a formal interconnection security agreement establishing individual and organizational responsibilities for the protection and handling of unclassified information between the DHS router operated by CBP and TSA's Secure Flight program.

Recommendation: To help manage risks associated with Secure Flight's continued development and implementation, and to assist the Transportation Security Administration in developing a framework from which to support its efforts in addressing congressional areas of interest outlined in Public Law 108-334, the Secretary of the Department of Homeland Security should direct the Assistant Secretary, Transportation Security Administration, to develop a plan for establishing connectivity among the air carriers, U.S. Customs and Border Protection, and the Transportation Security Administration to help ensure the secure, effective, and timely transmission of data for use in Secure Flight operations.

Comments: In March 2005, we reported, among other things, that the Transportation Security Administration (TSA) had not finalized key program documents, such as the systems requirements document and the concept of operations, or completed key system testing, including stress testing, that were needed before the program became operational. Further, at the time of our review, TSA had not yet designed the procedures it would use to conduct stress testing. Since the time of our review, we found that TSA has made significant progress in developing the Secure Flight program and has completed key activities associated with implementing the program. In May 2009, GAO reported that TSA had generally achieved 9 of the 10 statutory conditions related to the development of the Secure Flight program (including Statutory Condition 3, which required performance of stress testing) and conditionally achieved 1 condition. Specifically, related to our March 2005 recommendation, TSA has finalized key program documentation, including the systems requirements document and concept of operations (finalized in August and December 2008, respectively); developed a Performance, Stress, and Load Test Plan with specific stress test requirements (finalized December 2008); and completed key system testing, including significant stress testing of the vetting (name matching) portion of Secure Flight (completed January 2009).

Recommendation: To help manage risks associated with Secure Flight's continued development and implementation, and to assist the Transportation Security Administration in developing a framework from which to support its efforts in addressing congressional areas of interest outlined in Public Law 108-334, the Secretary of the Department of Homeland Security should direct the Assistant Secretary, Transportation Security Administration, to finalize the system requirements document and the concept of operations, and develop detailed test plans to help ensure that all Secure Flight system functionality is properly tested and evaluated. These system documents should address all system functionality and include system stress test requirements.

Comments: In March 2005, we reported, among other things, that the Transportation Security Administration (TSA) had not yet clearly defined how it plans to implement the redress process for Secure Flight, such as how errors in personal data, if identified, would be corrected. We recommended that TSA, prior to achieving initial operating capability, finalize policies and procedures detailing the Secure Flight passenger redress process, including defining the appeal rights of passengers and their ability to correct personal data. Since the time of our review, we found that TSA has made significant progress in developing the Secure Flight program and has completed key activities associated with implementing the program. In May 2009, GAO reported that TSA had generally achieved 9 of the 10 statutory conditions related to the development of the Secure Flight program--including Statutory Condition 1, which required that a system of due process (redress)exist whereby aviation passengers determined to pose a threat who are either delayed or prohibited from boarding their scheduled flights by TSA may appeal such decisions and correct erroneous information contained in the Secure Flight program--and conditionally achieved 1 condition. Specifically related to our March 2005 recommendation, we reported that for the Secure Flight program, TSA plans to use the existing redress process that is managed by the Department of Homeland Security (DHS) Traveler Redress Inquiry Program (TRIP). TRIP, which was established in February 2007, serves as the central processing point within DHS for travel-related redress inquiries. TRIP refers redress inquiries submitted by airline passengers to TSA's Office of Transportation Security Redress (OTSR) for review. This process provides passengers who believe their travels have been adversely affected by a TSA screening process with an opportunity to be cleared if they are determined to be an incorrect match to watch-list records, or to appeal if they believe that they have been wrongly identified as the subject of a watch-list record. TSA has also coordinated with key stakeholders to identify and document shared redress processes and to clarify roles and responsibilities, consistent with relevant GAO guidance for coordination and documentation of internal controls. In addition, Secure Flight, TSA OTSR, and TSA's Office of Intelligence have jointly produced guidance that clarifies how the entities will coordinate their respective roles in the redress process, consistent with GAO's best practices on coordinating efforts across government stakeholders.

Recommendation: To help manage risks associated with Secure Flight's continued development and implementation, and to assist the Transportation Security Administration in developing a framework from which to support its efforts in addressing congressional areas of interest outlined in Public Law 108-334, the Secretary of the Department of Homeland Security should direct the Assistant Secretary, Transportation Security Administration to, prior to achieving initial operational capability, finalize policies and procedures detailing the Secure Flight passenger redress process, including defining the appeal rights of passengers and their ability to access and correct personal data.